The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for secret-key exchange for wireless and sensor networks.
In contrast to current infrastructure-based networks (such as present-day cellular systems), the next generation of wireless and sensor networks will have self-organization capabilities where a group of nodes sets up a customized ad hoc network on demand, such as people at trade shows/conferences connecting together to form an ad hoc network for information sharing, an emergency response ad hoc network being set up on demand in the field, or a group of (mobile) sensor nodes being put to use in a field on demand by creating an ad hoc network. One of the key problems in self-organization is setting up “secure” wireless channels between the nodes. State-of-the-art technologies establish secure physical-layer wireless channels through the use of code division multiple access (CDMA) or fast frequency hopping spread spectrum (FHSS) modulation techniques. However, the main requirement for these secure wireless channels is that the participating nodes must have a “shared secret-key” which is unknown to a potential attacker. Therefore, to bootstrap such networks, the first step in security is to establish a shared secret-key, since otherwise, by nature, a wireless channel is an open medium and the signals may be received by any transceiver, and will be prone to eavesdropping, jamming, and other disruption attacks. In addition to the above illustrative example, in most security bootstrapping mechanisms a shared secret-key is a necessary first requirement which must be exchanged between the legitimate nodes.
Most known solutions to wireless secret-key exchange are adaptations of solutions for wired networks. However, wireless channels are inherently different from wired channels and are characterized by fading, unreliability, broadcast nature, etc. The widely used security mechanism in wired networks and current-day wireless systems is a Public-Key-Infrastructure (PKI) and adaptations of PKI. PKI schemes require a trusted central authority for key distribution and/or prior knowledge of users' public keys. Though pre-distribution of keys using trusted offline mechanisms can be achieved, such trusted offline mechanisms are very inefficient, incur a high security management overhead, and may be non-scalable for large networks with a dynamically changing membership. The other current state-of-the-art approach to on-demand secret-key generation in wired networks is the Diffie-Hellman (DH) protocol and variants of DH. The key steps of the DH algorithm require that two legitimate nodes wishing to establish a secret-key first exchange a set of open messages, and the key is then derived from these messages. However, exchanging the DH messages is very difficult over an open wireless channel in the presence of an active adversary due to smart jamming attacks, such as MAC layer attacks, which can cause a severe drop in throughput and practically block communication between the legitimate nodes.